
I was recently excited to see that Ubuntu has included an “Uncomplicated Firewall” in the Hardy Heron release. This was perfect since my mom has just had Ubuntu 8.04 placed on her laptop and I was concerned that she have a firewall to protect her laptop. She has struggled with Linux and making the transition from Win…whatever so I have been searching for simple solutions. Ubuntu, known for its simple solutions, has saved the day again by simplifying security for users. Here is the simple process and a record of how quickly my mom picks this simple stuff up. Click Here for the BeginLinux.com ufw Tutorial.

“Mom…I have a simple solution for the security on your computer!”

“Oh great I know you have told me that Linux is soooo simple, I need an easy uncomplicated way to make sure I don’t get hacked. What do I need to do?”

“I am so pleased you are going to help me, that stupid firewall you showed me before was just too difficult for me. I remember I had to:

sudo apt-get install lokkit

That command was tough alone but then picking the ports that I should have open after the install was confusing since I had to know that remote support from you was coming in on port 22. And I had to click OK…

Besides that worthless firewall said “Red Hat” on it and I certainly do not need that on my Ubuntu machine!”

“Yea mom, I know the Lokkit firewall was complicated, two steps is just too much to ask….we will be working with the ‘Uncomplicated Firewall’ so you can just take it easy…. Here we go now open up a terminal.”

“Terminal who?”

“Mom, this is really simple, just open up the command line terminal, Applications/Accessories/Terminal…yea now you got it…good we are almost there. Now just check the commands that you can run by typing ufw”

Usage: ufw COMMAND

Commands:
  enable                    Enables the firewall
  disable                   Disables the firewall
  default ARG               set default policy to ALLOW or DENY
  logging ARG               set logging to ON or OFF
  allow|deny RULE           allow or deny RULE
  delete allow|deny RULE    delete the allow/deny RULE
  status                    show firewall status
  version                   display version information

“What is all this stuff? And what do I need this for…am I done?”

“Well no mom, this is information about how to set up rules.”

“Huh…”

“Rules mom….simple uncomplicated rules for how it will interface with iptables on the INPUT, OUTPUT and FORWARD chains…it’s easy.”

“I don’t want no rules…I don’t want to learn no rules and I DON’T WANT TO HEAR ABOUT EASY RULES!!!!”

“Mom….look just turn it on.”

“My computer is on…look at the screen why do you think I am typing….see.”

“No mom I mean turn on the uncomplicated firewall.”

“You mean I have to turn it on…why do I have to turn it on, where is the button?”

“Sorry, the developers thought you might have another firewall running and this might interfere with the rules that you had written so it is off when you first start Ubuntu 8.04. All you have to do is this command to start it:”

ufw enable

“OK now it is on…”

“Are we done NOW?”

“No mom you need to set a default deny policy for your chains. See just do this:”

“WHAT????????…..Is this Chineeese…what kind of joke is this…I am too old to learn a new language and what is the OUTPUT…it is not DROP it is ALLOW, what is the Default DROP anyway? And why am I allowing people to get into my computer…is this really safe?”

“Easy Mom, it is really easy. OK, so the default DROP is really not a default DROP for all the chains just the INPUT and FORWARD chain.”

“Who am I FORWARDing stuff to, does that go to you?”

“Well no Mom…this is really if you have two network cards and one was eth0 and the second was eth1 and you were FORWARDing traffic to an internal network, maybe using NAT and having a firewall on the outside and you need to make sure that your /proc/sys/net/ipv4/ip_forward is 1 so that you can transfer traffic…..”

“Oh stop that mumble jumble garbage…this is supposed to be easy..am I done?”

“Well no, just a few more steps, you need to write a rule that allows me to connect to your laptop for support when you need it. Just use the ufw command to allow a connection from my computer at 192.168.5.100 like this:”

“You’re kidding me right…what is this Halloween trick and treat? What is the gibberish…why don’t I just write 123456789….port what is this a fishing adventure? I told you I was sick and tired of your IT Techie baloney … I HAVE NO IDEA WHAT YOU ARE TALKING ABOUT YOU MORON!!!!!!”

“Mom, please don’t start that again this really is not complicated, just type what I wrote on the notepad, OK I will leave as soon as we are done. This really is simple…”